Download Palo Alto Networks PCCET Sample Questions [Apr-2023]
Purpose of the Palo Alto Networks PCCET Certification Exam:
The purpose of the Palo Alto Networks PCCET certification exam is to provide candidates with a comprehensive understanding of the foundational concepts and principles in the cybersecurity field. The certification exam is based on the NIST/NICE framework. This framework is designed to align with the latest cybersecurity curriculum and help ensure that students acquire the required skills. The exam is designed to help candidates gain foundational knowledge of the cybersecurity field, such as understanding cyber threats and defenses, and cyber hygiene. It will also validate candidates' knowledge of network security, cloud security, and SOC security. Candidates must demonstrate the ability to identify various cyber threats and defenses as well as to implement secure network design and configuration.
NEW QUESTION 31
Which option is an example of a North-South traffic flow?
- A. Client-server interactions that cross the edge perimeter
- B. Traffic between an internal server and internal user
- C. Lateral movement within a cloud or data center
- D. An internal three-tier application
Answer: A
NEW QUESTION 32
Which network firewall operates up to Layer 4 (Transport layer) of the OSI model and maintains information about the communication sessions which have been established between hosts on trusted and untrusted networks?
- A. Stateful
- B. Stateless
- C. Group policy
- D. Static packet-filter
Answer: A
Explanation:
Stateful packet inspection firewalls
Second-generation stateful packet inspection (also known as dynamic packet filtering) firewalls have the following characteristics:
* They operate up to Layer 4 (Transport layer) of the OSI model and maintain state information about the communication sessions that have been established between hosts on the trusted and untrusted networks.
* They inspect individual packet headers to determine source and destination IP address, protocol (TCP, UDP, and ICMP), and port number (during session establishment only) to determine whether the session should be allowed, blocked, or dropped based on configured firewall rules.
* After a permitted connection is established between two hosts, the firewall creates and deletes firewall rules for individual connections as needed, thus effectively creating a tunnel that allows traffic to flow between the two hosts without further inspection of individual packets during the session.
* This type of firewall is very fast, but it is port-based and it is highly dependent on the trustworthiness of the two hosts because individual packets aren't inspected after the connection is established.
NEW QUESTION 33
Which technique changes protocols at random during a session?
- A. tunneling within commonly used services
- B. use of non-standard ports
- C. port hopping
- D. hiding within SSL encryption
Answer: C
NEW QUESTION 34
In addition to integrating the network and endpoint components, what other component does Cortex integrate to speed up IoC investigations?
- A. Switch
- B. Computer
- C. Infrastructure
- D. Cloud
Answer: D
Explanation:
Cortex XDR breaks the silos of traditional detection and response by natively integrating network, endpoint, and cloud data to stop sophisticated attacks.
NEW QUESTION 35
Which type of IDS/IPS uses a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt?
- A. Behavior-based
- B. Database-based
- C. Knowledge-based
- D. Signature-based
Answer: A
Explanation:
IDSs and IPSs also can be classified as knowledge-based (or signature-based) or behavior-based (or statistical anomaly-based) systems:
* A knowledge-based system uses a database of known vulnerabilities and attack profiles to identify intrusion attempts. These types of systems have lower false-alarm rates than behavior-based systems but must be continually updated with new attack signatures to be effective.
* A behavior-based system uses a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt.
These types of systems are more adaptive than knowledge-based systems and therefore may be more effective in detecting previously unknown vulnerabilities and attacks, but they have a much higher false-positive rate than knowledge-based systems.
NEW QUESTION 36
In a traditional data center what is one result of sequential traffic analysis?
- A. simplifies security policy management
- B. improves security policy application ID enforcement
- C. reduces network latency
- D. causes security policies to be complex
Answer: D
Explanation:
Multiple policies, no policy reconciliation tools: Sequential traffic analysis (stateful inspection, application control, intrusion prevention system (IPS), anti-malware, etc.) in traditional data center security solutions requires a corresponding security policy or profile, often using multiple management tools. The result is that your security policies become convoluted as you build and manage a firewall policy with source, destination, user, port, and action; an application control policy with similar rules; and any other threat prevention rules required. Multiple security policies that mix positive (firewall) and negative (application control, IPS, and anti-malware) control models can cause security holes by missing traffic and/or not identifying
NEW QUESTION 37
How does adopting a serverless model impact application development?
- A. reduces the operational overhead necessary to deploy application code
- B. costs more to develop application code because it uses more compute resources
- C. slows down the deployment of application code, but it improves the quality of code development
- D. prevents developers from focusing on just the application code because you need to provision the underlying infrastructure to run the code
Answer: A
Explanation:
List three advantages of serverless computing over CaaS:
* Reduce costs
* Increase agility
* Reduce operational overhead
NEW QUESTION 38
In which step of the cyber-attack lifecycle do hackers embed intruder code within seemingly innocuous files?
- A. reconnaissance
- B. exploitation
- C. weaponization
- D. delivery
Answer: C
Explanation:
"Weaponization: Next, attackers determine which methods to use to compromise a target endpoint. They may choose to embed intruder code within seemingly innocuous files such as a PDF or Microsoft Word document or email message."
NEW QUESTION 39
Which two network resources does a directory service database contain? (Choose two.)
- A. Users
- B. Services
- C. /etc/shadow files
- D. Terminal shell types on endpoints
Answer: A,B
Explanation:
A directory service is a database that contains information about users, resources, and services in a network.
NEW QUESTION 40
In which step of the cyber-attack lifecycle do hackers embed intruder code within seemingly innocuous files?
- A. reconnaissance
- B. exploitation
- C. delivery
- D. weaponization
Answer: C
NEW QUESTION 41
Which model would a customer choose if they want full control over the operating system(s) running on their cloud computing platform?
- A. SaaS
- B. PaaS
- C. DaaS
- D. IaaS
Answer: D
NEW QUESTION 42
Which organizational function is responsible for security automation and eventual vetting of the solution to help ensure consistency through machine-driven responses to security issues?
- A. DevOps
- B. SecDevOps
- C. SecOps
- D. NetOps
Answer: C
Explanation:
Security operations (SecOps) is a necessary function for protecting the digital way of life, for global businesses and customers. SecOps requires continuous improvement in operations to handle fast-evolving threats. SecOps needs to arm security operations professionals with high-fidelity intelligence, contextual data, and automated prevention workflows to quickly identify and respond to these threats. SecOps must leverage automation to reduce strain on analysts and execute the Security Operation Center's (SOC) mission to identify, investigate, and mitigate threats.
NEW QUESTION 43
Match the Identity and Access Management (IAM) security control with the appropriate definition.
Answer:
Explanation:
NEW QUESTION 44
Which technique changes protocols at random during a session?
- A. tunneling within commonly used services
- B. use of non-standard ports
- C. port hopping
- D. hiding within SSL encryption
Answer: C
Explanation:
Port hopping, in which ports and protocols are randomly changed during a session.
NEW QUESTION 45
SecOps consists of interfaces, visibility, technology, and which other three elements? (Choose three.)
- A. Processes
- B. Business
- C. Accessibility
- D. Understanding
- E. People
Answer: A,B,E
NEW QUESTION 46
In addition to local analysis, what can send unknown files to WildFire for discovery and deeper analysis to rapidly detect potentially unknown malware?
- A. AutoFocus
- B. Cortex XSOAR
- C. Cortex XDR
- D. MineMeld
Answer: C
Explanation:
In addition to local analysis, Cortex XDR can send unknown files to WildFire for discovery and deeper analysis to rapidly detect.
NEW QUESTION 47
Which type of LAN technology is being displayed in the diagram?
- A. Star Topology
- B. Bus Topology
- C. Mesh Topology
- D. Spine Leaf Topology
Answer: A
NEW QUESTION 48
Based on how much is managed by the vendor, where can CaaS be situated in the spread of cloud computing services?
- A. between IaaS and PaaS
- B. between FaaS and Serverless
- C. between PaaS and FaaS
- D. between On-Prem and IaaS
Answer: A
NEW QUESTION 49
Which statement describes DevOps?
- A. DevOps is a combination of the Development and Operations teams
- B. DevOps is a set of tools that assists the Development and Operations teams throughout the software delivery process
- C. DevOps is its own separate team
- D. DevOps is a culture that unites the Development and Operations teams throughout the software delivery process
Answer: D
Explanation:
DevOps is not:
* A combination of the Dev and Ops teams: There still are two teams; they just operate in a communicative, collaborative way.
* Its own separate team: There is no such thing as a "DevOps engineer." Although some companies may appoint a "DevOps team" as a pilot when trying to transition to a DevOps culture, DevOps refers to a culture where developers, testers, and operations personnel cooperate throughout the entire software delivery lifecycle.
* A tool or set of tools: Although there are tools that work well with a DevOps model or help promote DevOps culture, DevOps ultimately is a strategy, not a tool.
* Automation: Although automation is very important for a DevOps culture, it alone does not define DevOps.
NEW QUESTION 50
Which characteristic of serverless computing enables developers to quickly deploy application code?
- A. Uploading cloud service autoscaling services to deploy more virtual machines to run their application code based on user demand
- B. Uploading the application code itself, without having to provision a full container image or any OS virtual machine components
- C. Using cloud service spot pricing to reduce the cost of using virtual machines to run their application code
- D. Using Container as a Service (CaaS) to deploy application containers to run their code.
Answer: B
Explanation:
"In serverless apps, the developer uploads only the app package itself, without a full container image or any OS components. The platform dynamically packages it into an image, runs the image in a container, and (if needed) instantiates the underlying host OS and VM and the hardware required to run them."
NEW QUESTION 51
Which type of Software as a Service (SaaS) application provides business benefits, is fast to deploy, requires minimal cost and is infinitely scalable?
- A. Benign
- B. Tolerated
- C. Sanctioned
- D. Secure
Answer: C
NEW QUESTION 52
Match each tunneling protocol to its definition.
Answer:
Explanation:

NEW QUESTION 53
Which type of IDS/IPS uses a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt?
- A. Behavior-based
- B. Database-based
- C. Knowledge-based
- D. Signature-based
Answer: A
Explanation:
IDSs and IPSs also can be classified as knowledge-based (or signature-based) or behavior-based (or statistical anomaly-based) systems:
* A knowledge-based system uses a database of known vulnerabilities and attack profiles to identify intrusion attempts. These types of systems have lower false-alarm rates than behavior-based systems but must be continually updated with new attack signatures to be effective.
* A behavior-based system uses a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt.
These types of systems are more adaptive than knowledge-based systems and therefore may be more effective in detecting previously unknown vulnerabilities and attacks, but they have a much higher false-positive rate than knowledge-based systems.